package com.xinnet.mms.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.acegisecurity.providers.encoding.MessageDigestPasswordEncoder;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.xinnet.core.utils.ConfigUtil;
import com.xinnet.core.utils.INetUtils;
import com.xinnet.mms.quartz.job.CustomAllotJob;


/**
 * 
 * IP信任过滤器
 * @author 颜绿水
 * @author $Author:$
 * @version $Revision:$ $Date:$ 
 * @since 2014-8-7
 *
 */
public class TrustIpFilter implements Filter {
	
	private static Log log = LogFactory.getLog(TrustIpFilter.class);
	

	@Override
	public void destroy() {

	}
	

	@Override
	public void doFilter(ServletRequest req, ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
		
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) res;
		response.setContentType("text/html;charset=utf-8");
		
		//发起post请求获得可信任的ip列表
		String trustServerAddr = ConfigUtil.getString("trustIp.server");
		log.info("调用IP信任接口服务地址："+trustServerAddr);
		
		String result = CustomAllotJob.getIpString(); //获取IP认证列表
		log.debug("调用IP信任接口返回列表【one】："+result);
		if(StringUtils.isBlank(result)){
			result = CustomAllotJob.getTrustIpData(trustServerAddr, "");
			log.debug("调用IP信任接口返回列表【two】："+result);
			CustomAllotJob.setIpString(result);
		}
		
		
		if(StringUtils.isBlank(result)){ //两次都获取不到IP认证服务接口返回值，则不让通过
			log.info("两次都获取不到IP认证服务接口返回值，则不让通过");
			response.getWriter().print("拒绝访问！");
			chain.doFilter(req, res);
			return;
		}
		
		

		//去除返回值中的无效字符"["和"]"
		//以,为分隔符,得到可信任IP列表
		String[] resultArray = result.replace("[", "").replace("]", "").split(",");
		
		
		//用于测试的IP
//		String testIP = "14.154.19.232";
		String clientIP = INetUtils.getClientIpAddr(request);  //获取客户端IP地址
//		String clientIP = INetUtils.getLocalHostAddress();
		log.info("客户端公网IP地址："+clientIP);
		
		
		//是否通过验证的标识,
		//false:未通过
		//true:通过
		boolean flag = false;
		
		//初始化加密类
		MessageDigestPasswordEncoder mdpeSha = new MessageDigestPasswordEncoder("SHA-256");  
		mdpeSha.setEncodeHashAsBase64(false);  
		//生成加密后的IP地址
		String shaPassword = mdpeSha.encodePassword(clientIP, null);
		log.info("加密后的客户端公网IP地址："+shaPassword);
	    for(int i=0;i<resultArray.length;i++){
	    	if(shaPassword.trim().equals(resultArray[i].trim())){
	    		flag = true;
	    		break;
	    	}
		}
	    if(flag){ //IP验证通过
	    	chain.doFilter(req, res); //放行
	    	log.info(">>>>IP验证通过,在信任列表中");
	    }else{
	    	response.getWriter().print("拒绝访问！");
	    	log.info("===============>IP验证不通过,不在信任列表中");
    	}
	}

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		
	}

	
	
}
